Default configuration
The default configuration of Uber Uploader (UU) 5.3.6 and earlier does not block uploads of (1) .html, (2) .asp, and other possibly dangerous extensions, which allows remote attackers to use these extensions in uploads via (a) uufileupload.php, related to uufileupload.js and (b) uberuploaderfile.php, relat...
CVE-2007-6668
admin/uploadgames.php in MySpace Content Zone (MCZ) 3.x does not require administrative privileges, which allows remote attackers to perform unrestricted file uploads, as demonstrated by uploading (1) a .php file and (2) a .php%00.jpeg file...
FreeBSD : gallery2 -- multiple vulnerabilities (4aab7bcd-b294-11dc-a6f0-00a0cce0781e)
The Gallery team reports : Gallery 2.2.4 addresses the following security vulnerabilities : - Publish XP module - Fixed unauthorized album creation and file uploads. - URL rewrite module - Fixed local file inclusion vulnerability in unsecured admin controller and information disclosure in hotlink...
Fedora 7 : gallery2-2.2.4-1.fc7 (2007-4777)
Gallery 2.2.4 addresses the following security vulnerabilities : - Publish XP module - Fixed unauthorized album creation and file uploads. - URL rewrite module - Fixed local file inclusion vulnerability in unsecured admin controller and information disclosure in hotlink protection. - Core /...
gallery2 -- multiple vulnerabilities
The Gallery team reports: Gallery 2.2.4 addresses the following security vulnerabilities: Publish XP module - Fixed unauthorized album creation and file uploads. URL rewrite module - Fixed local file inclusion vulnerability in unsecured admin controller and information disclosure in hotlink...
Input validation
Unspecified "input validation" vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to modify form field values via unknown vectors related to file uploads...
CVE-2007-4695
Unspecified "input validation" vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to modify form field values via unknown vectors related to file uploads...
CVE-2007-4695
The CVE-2007-4695 issue affects Apple Mac OS X 10.4 through 10.4.10 and Mac OS X Server 10.4 through 10.4.10, where a WebCore input-validation flaw in HTML form handling may allow remote attackers to modify form field values via unknown vectors related to file uploads. The underlying defect is an...
SA-2007-026 - Drupal Core - Cross site scripting via uploads
The allowed extension list of the core Upload module contains the extension HTML by default. Such files can be used to execute arbitrary script code in the context of the affected site when a user views the file. Revoking upload permissions or removing the .html extension from the allowed extensi...
Debian DSA-1371-1 : phpwiki - several vulnerabilities
Several vulnerabilities have been discovered in phpWiki, a wiki engine written in PHP. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-2024 It was discovered that phpWiki performs insufficient file name validation, which allows unrestricted file...
DSA-1371-1 phpwiki - several vulnerabilities
Bulletin has no description...
AuraCMS 2.1 - Remote File Attachment Local File Inclusion
AuraCMS 2.1 - Remote File Attachment Local File Inclusion AuraCMS 2.1 - Remote File Attachment - Local File Inclusion Vendor : http://www.auracms.org/ Download : http://www.auracms.org/dljump.php?id=42 Found by : k1tk4t - k1tk4t4tnewhack.org Location : Indonesia -- newhackdotorg @ irc.dal.net...
AlstraSoft Template Seller Pro <= 3.25 Remote Code Execution Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo " AlstraSoft Template Seller Pro = 3.25 Remote Code Execution Exploit by BlackHawk [email protected] http://itablackhawk.altervista.org Thanks to rgod for the php code and Marty for the Love "; if $argc4 echo "Usage:...
PhpWiki fails to properly restrict uploaded files
Overview PhpWiki fails to properly restrict uploaded files, which can allow a remote attacker to execute arbitrary commands on a vulnerable system. Description PhpWiki is Wiki software that is implemented in PHP. PhpWiki includes an "UpLoad" feature that allows users to upload files. Files with a...
Design/Logic Flaw
Cuyahoga before 1.0.1 installs the FCKEditor component with an incorrect deny statement in a Web.config file, which allows remote attackers to upload files when these privileges were intended only for the Administrator and Editor roles...
CVE-2007-0147
Cuyahoga before 1.0.1 installs the FCKEditor component with an incorrect deny statement in a Web.config file, which allows remote attackers to upload files when these privileges were intended only for the Administrator and Editor roles...
ContentNow 1.30 (upload/xss) Multiple Remote Vulnerabilities
No description provided by source. ContentNow Directory Traversalupload.php -vulnerability By: Timq -http://securitydb.org -Team Root-Shell -Email:timqathushmail.com It appears that it is possible to view any...